From c3eb8de228326beb3d77632051e73ca6abcdd1e1 Mon Sep 17 00:00:00 2001
From: Bulga-xD
Date: Sat, 24 Jun 2023 14:24:22 +0300
Subject: [PATCH] fix: wrong access token required claims (#139)
* Fix optionals claims
* New behaviour of pydantic
* New behaviour of pydantic
* fix unittest
* Fix description
* Fix linting
---------
Co-authored-by: Kristiyan Tashev
---
 fastapi_azure_auth/user.py | 8 +++----
 tests/test_openapi_scheme.py | 5 +----
 tests/{test_guest_user.py => test_user.py} | 26 ++++++++++++++++++++++
 3 files changed, 31 insertions(+), 8 deletions(-)
 rename tests/{test_guest_user.py => test_user.py} (76%)
diff --git a/fastapi_azure_auth/user.py b/fastapi_azure_auth/user.py
index ac13096..664a5df 100644
--- a/fastapi_azure_auth/user.py
+++ b/fastapi_azure_auth/user.py
@@ -38,7 +38,7 @@ class Claims(BaseModel):
 description='Specifies the expiration time before which the JWT can be accepted for processing.',
 )
 aio: Optional[str] = Field(
- ...,
+ default=None,
 description='An internal claim used by Azure AD to record data for token reuse. Resources should not use this claim.',
 )
 name: Optional[str] = Field(
@@ -74,12 +74,12 @@ class Claims(BaseModel):
 description='Represents the tenant that the user is signing in to',
 )
 uti: Optional[str] = Field(
- ...,
+ default=None,
 description='Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive.',
 )
 rh: Optional[str] = Field(
- ...,
- description='An internal claim used by Azure to revalidate tokens. Resources should not use this claim.',
+ default=None,
+ description='Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive.',
 )
 ver: Literal['1.0', '2.0'] = Field(
 ...,
diff --git a/tests/test_openapi_scheme.py b/tests/test_openapi_scheme.py
index 4e8149c..96c193e 100644
--- a/tests/test_openapi_scheme.py
+++ b/tests/test_openapi_scheme.py
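Review bot: The new `rh` description in the `@@ -74,12 +74,12 @@` hunk of fastapi_azure_auth/user.py is a copy of the `uti` text, so the generated schema now documents `rh` as a jti-equivalent, unique per-token identifier. The removed line described `rh` as an internal claim Azure uses to revalidate tokens and that resources should not use; nothing visible in this commit justifies the new meaning, and a consumer reading the OpenAPI docs could wrongly key replay or revocation checks on `rh`. Keep the original wording next to the new default: `description='An internal claim used by Azure to revalidate tokens. Resources should not use this claim.',`. The same copied string is asserted in tests/test_openapi_scheme.py (`@@ -147,7 +144,7 @@`) and would need the same correction. The `Claims` class body starts and ends outside both user.py hunks.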
@@ -44,12 +44,9 @@
 'iat',
 'nbf',
 'exp',
- 'aio',
 'sub',
 'oid',
 'tid',
- 'uti',
- 'rh',
 'ver',
 'claims',
 'access_token',
@@ -147,7 +144,7 @@
 'rh': {
 'title': 'Rh',
 'type': 'string',
- 'description': 'An internal claim used by Azure to revalidate tokens. Resources should not use this claim.',
+ 'description': 'Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive.',
 },
 'ver': {
 'title': 'Ver',
diff --git a/tests/test_guest_user.py b/tests/test_user.py
similarity index 76%
rename from tests/test_guest_user.py
rename to tests/test_user.py
index 3057887..8048418 100644
--- a/tests/test_guest_user.py
+++ b/tests/test_user.py
@@ -1,7 +1,10 @@
+import calendar
+import datetime
 from typing import Dict
 import pytest
+from fastapi_azure_auth.user import User
 from fastapi_azure_auth.utils import is_guest
@@ -79,3 +82,26 @@
 )
 def test_guest_user(claims: Dict[str, str], expected: bool):
 assert is_guest(claims=claims) == expected
+
+
+def get_utc_now_as_unix_timestamp() -> int:
+ date = datetime.datetime.utcnow()
+ return calendar.timegm(date.utctimetuple())
+
+
+def test_user_missing_optionals():
+ user = User(
+ aud='Dummy',
+ tid='Dummy',
+ access_token='Dummy',
+ claims={'oid': 'Dummy oid'},
+ iss='https://dummy-platform.dummylogin.com/dummy-uid/v2.0/',
+ iat=get_utc_now_as_unix_timestamp(),
+ nbf=get_utc_now_as_unix_timestamp(),
+ exp=get_utc_now_as_unix_timestamp(),
+ sub='dummy-sub',
+ oid='dummy-oid',
+ ver='1.0',
+ scp='AccessAsUser',
+ )
+ assert user is not None
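Review bot: `assert user is not None` at the end of `test_user_missing_optionals` (tests/test_user.py, `@@ -79,3 +82,26 @@`) can never fail, because a successful constructor call always returns an object, so the test only shows that no validation error is raised. Assuming `User` exposes the claim fields as attributes, pin the defaults with `assert user.aio is None and user.uti is None and user.rh is None`, so a later change that makes one of them required again or alters its default is caught. Separately, `datetime.datetime.utcnow()` in `get_utc_now_as_unix_timestamp` is deprecated since Python 3.12; `return int(time.time())` (with `import time`) yields the same Unix timestamp without the naive-datetime round trip.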